
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>django.contrib.auth &#8212; Django 2.2.12.dev20200304094918 documentation</title>
    <link rel="stylesheet" href="../../../_static/default.css" type="text/css" />
    <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
    <script type="text/javascript" id="documentation_options" data-url_root="../../../" src="../../../_static/documentation_options.js"></script>
    <script type="text/javascript" src="../../../_static/jquery.js"></script>
    <script type="text/javascript" src="../../../_static/underscore.js"></script>
    <script type="text/javascript" src="../../../_static/doctools.js"></script>
    <script type="text/javascript" src="../../../_static/language_data.js"></script>
    <link rel="index" title="Index" href="../../../genindex.html" />
    <link rel="search" title="Search" href="../../../search.html" />



 
<script type="text/javascript" src="../../../templatebuiltins.js"></script>
<script type="text/javascript">
(function($) {
    if (!django_template_builtins) {
       // templatebuiltins.js missing, do nothing.
       return;
    }
    $(document).ready(function() {
        // Hyperlink Django template tags and filters
        var base = "../../../ref/templates/builtins.html";
        if (base == "#") {
            // Special case for builtins.html itself
            base = "";
        }
        // Tags are keywords, class '.k'
        $("div.highlight\\-html\\+django span.k").each(function(i, elem) {
             var tagname = $(elem).text();
             if ($.inArray(tagname, django_template_builtins.ttags) != -1) {
                 var fragment = tagname.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + tagname + "</a>");
             }
        });
        // Filters are functions, class '.nf'
        $("div.highlight\\-html\\+django span.nf").each(function(i, elem) {
             var filtername = $(elem).text();
             if ($.inArray(filtername, django_template_builtins.tfilters) != -1) {
                 var fragment = filtername.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + filtername + "</a>");
             }
        });
    });
})(jQuery);</script>

  </head><body>

    <div class="document">
  <div id="custom-doc" class="yui-t6">
    <div id="hd">
      <h1><a href="../../../index.html">Django 2.2.12.dev20200304094918 documentation</a></h1>
      <div id="global-nav">
        <a title="Home page" href="../../../index.html">Home</a>  |
        <a title="Table of contents" href="../../../contents.html">Table of contents</a>  |
        <a title="Global index" href="../../../genindex.html">Index</a>  |
        <a title="Module index" href="../../../py-modindex.html">Modules</a>
      </div>
      <div class="nav">
    <a href="../../index.html" title="Module code" accesskey="U">up</a></div>
    </div>

    <div id="bd">
      <div id="yui-main">
        <div class="yui-b">
          <div class="yui-g" id="_modules-django-contrib-auth">
            
  <h1>Source code for django.contrib.auth</h1><div class="highlight"><pre>
<span></span><span class="kn">import</span> <span class="nn">inspect</span>
<span class="kn">import</span> <span class="nn">re</span>

<span class="kn">from</span> <span class="nn">django.apps</span> <span class="k">import</span> <span class="n">apps</span> <span class="k">as</span> <span class="n">django_apps</span>
<span class="kn">from</span> <span class="nn">django.conf</span> <span class="k">import</span> <span class="n">settings</span>
<span class="kn">from</span> <span class="nn">django.core.exceptions</span> <span class="k">import</span> <span class="n">ImproperlyConfigured</span><span class="p">,</span> <span class="n">PermissionDenied</span>
<span class="kn">from</span> <span class="nn">django.middleware.csrf</span> <span class="k">import</span> <span class="n">rotate_token</span>
<span class="kn">from</span> <span class="nn">django.utils.crypto</span> <span class="k">import</span> <span class="n">constant_time_compare</span>
<span class="kn">from</span> <span class="nn">django.utils.module_loading</span> <span class="k">import</span> <span class="n">import_string</span>
<span class="kn">from</span> <span class="nn">django.utils.translation</span> <span class="k">import</span> <span class="n">LANGUAGE_SESSION_KEY</span>

<span class="kn">from</span> <span class="nn">.signals</span> <span class="k">import</span> <span class="n">user_logged_in</span><span class="p">,</span> <span class="n">user_logged_out</span><span class="p">,</span> <span class="n">user_login_failed</span>

<span class="n">SESSION_KEY</span> <span class="o">=</span> <span class="s1">&#39;_auth_user_id&#39;</span>
<span class="n">BACKEND_SESSION_KEY</span> <span class="o">=</span> <span class="s1">&#39;_auth_user_backend&#39;</span>
<span class="n">HASH_SESSION_KEY</span> <span class="o">=</span> <span class="s1">&#39;_auth_user_hash&#39;</span>
<span class="n">REDIRECT_FIELD_NAME</span> <span class="o">=</span> <span class="s1">&#39;next&#39;</span>


<span class="k">def</span> <span class="nf">load_backend</span><span class="p">(</span><span class="n">path</span><span class="p">):</span>
    <span class="k">return</span> <span class="n">import_string</span><span class="p">(</span><span class="n">path</span><span class="p">)()</span>


<span class="k">def</span> <span class="nf">_get_backends</span><span class="p">(</span><span class="n">return_tuples</span><span class="o">=</span><span class="kc">False</span><span class="p">):</span>
    <span class="n">backends</span> <span class="o">=</span> <span class="p">[]</span>
    <span class="k">for</span> <span class="n">backend_path</span> <span class="ow">in</span> <span class="n">settings</span><span class="o">.</span><span class="n">AUTHENTICATION_BACKENDS</span><span class="p">:</span>
        <span class="n">backend</span> <span class="o">=</span> <span class="n">load_backend</span><span class="p">(</span><span class="n">backend_path</span><span class="p">)</span>
        <span class="n">backends</span><span class="o">.</span><span class="n">append</span><span class="p">((</span><span class="n">backend</span><span class="p">,</span> <span class="n">backend_path</span><span class="p">)</span> <span class="k">if</span> <span class="n">return_tuples</span> <span class="k">else</span> <span class="n">backend</span><span class="p">)</span>
    <span class="k">if</span> <span class="ow">not</span> <span class="n">backends</span><span class="p">:</span>
        <span class="k">raise</span> <span class="n">ImproperlyConfigured</span><span class="p">(</span>
            <span class="s1">&#39;No authentication backends have been defined. Does &#39;</span>
            <span class="s1">&#39;AUTHENTICATION_BACKENDS contain anything?&#39;</span>
        <span class="p">)</span>
    <span class="k">return</span> <span class="n">backends</span>


<span class="k">def</span> <span class="nf">get_backends</span><span class="p">():</span>
    <span class="k">return</span> <span class="n">_get_backends</span><span class="p">(</span><span class="n">return_tuples</span><span class="o">=</span><span class="kc">False</span><span class="p">)</span>


<span class="k">def</span> <span class="nf">_clean_credentials</span><span class="p">(</span><span class="n">credentials</span><span class="p">):</span>
    <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">    Clean a dictionary of credentials of potentially sensitive info before</span>
<span class="sd">    sending to less secure functions.</span>

<span class="sd">    Not comprehensive - intended for user_login_failed signal</span>
<span class="sd">    &quot;&quot;&quot;</span>
    <span class="n">SENSITIVE_CREDENTIALS</span> <span class="o">=</span> <span class="n">re</span><span class="o">.</span><span class="n">compile</span><span class="p">(</span><span class="s1">&#39;api|token|key|secret|password|signature&#39;</span><span class="p">,</span> <span class="n">re</span><span class="o">.</span><span class="n">I</span><span class="p">)</span>
    <span class="n">CLEANSED_SUBSTITUTE</span> <span class="o">=</span> <span class="s1">&#39;********************&#39;</span>
    <span class="k">for</span> <span class="n">key</span> <span class="ow">in</span> <span class="n">credentials</span><span class="p">:</span>
        <span class="k">if</span> <span class="n">SENSITIVE_CREDENTIALS</span><span class="o">.</span><span class="n">search</span><span class="p">(</span><span class="n">key</span><span class="p">):</span>
            <span class="n">credentials</span><span class="p">[</span><span class="n">key</span><span class="p">]</span> <span class="o">=</span> <span class="n">CLEANSED_SUBSTITUTE</span>
    <span class="k">return</span> <span class="n">credentials</span>


<span class="k">def</span> <span class="nf">_get_user_session_key</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="c1"># This value in the session is always serialized to a string, so we need</span>
    <span class="c1"># to convert it back to Python whenever we access it.</span>
    <span class="k">return</span> <span class="n">get_user_model</span><span class="p">()</span><span class="o">.</span><span class="n">_meta</span><span class="o">.</span><span class="n">pk</span><span class="o">.</span><span class="n">to_python</span><span class="p">(</span><span class="n">request</span><span class="o">.</span><span class="n">session</span><span class="p">[</span><span class="n">SESSION_KEY</span><span class="p">])</span>


<div class="viewcode-block" id="authenticate"><a class="viewcode-back" href="../../../topics/auth/default.html#django.contrib.auth.authenticate">[docs]</a><span class="k">def</span> <span class="nf">authenticate</span><span class="p">(</span><span class="n">request</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> <span class="o">**</span><span class="n">credentials</span><span class="p">):</span>
    <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">    If the given credentials are valid, return a User object.</span>
<span class="sd">    &quot;&quot;&quot;</span>
    <span class="k">for</span> <span class="n">backend</span><span class="p">,</span> <span class="n">backend_path</span> <span class="ow">in</span> <span class="n">_get_backends</span><span class="p">(</span><span class="n">return_tuples</span><span class="o">=</span><span class="kc">True</span><span class="p">):</span>
        <span class="k">try</span><span class="p">:</span>
            <span class="n">inspect</span><span class="o">.</span><span class="n">getcallargs</span><span class="p">(</span><span class="n">backend</span><span class="o">.</span><span class="n">authenticate</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">credentials</span><span class="p">)</span>
        <span class="k">except</span> <span class="ne">TypeError</span><span class="p">:</span>
            <span class="c1"># This backend doesn&#39;t accept these credentials as arguments. Try the next one.</span>
            <span class="k">continue</span>
        <span class="k">try</span><span class="p">:</span>
            <span class="n">user</span> <span class="o">=</span> <span class="n">backend</span><span class="o">.</span><span class="n">authenticate</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="o">**</span><span class="n">credentials</span><span class="p">)</span>
        <span class="k">except</span> <span class="n">PermissionDenied</span><span class="p">:</span>
            <span class="c1"># This backend says to stop in our tracks - this user should not be allowed in at all.</span>
            <span class="k">break</span>
        <span class="k">if</span> <span class="n">user</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
            <span class="k">continue</span>
        <span class="c1"># Annotate the user object with the path of the backend.</span>
        <span class="n">user</span><span class="o">.</span><span class="n">backend</span> <span class="o">=</span> <span class="n">backend_path</span>
        <span class="k">return</span> <span class="n">user</span>

    <span class="c1"># The credentials supplied are invalid to all backends, fire signal</span>
    <span class="n">user_login_failed</span><span class="o">.</span><span class="n">send</span><span class="p">(</span><span class="n">sender</span><span class="o">=</span><span class="vm">__name__</span><span class="p">,</span> <span class="n">credentials</span><span class="o">=</span><span class="n">_clean_credentials</span><span class="p">(</span><span class="n">credentials</span><span class="p">),</span> <span class="n">request</span><span class="o">=</span><span class="n">request</span><span class="p">)</span></div>


<div class="viewcode-block" id="login"><a class="viewcode-back" href="../../../topics/auth/default.html#django.contrib.auth.login">[docs]</a><span class="k">def</span> <span class="nf">login</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="n">user</span><span class="p">,</span> <span class="n">backend</span><span class="o">=</span><span class="kc">None</span><span class="p">):</span>
    <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">    Persist a user id and a backend in the request. This way a user doesn&#39;t</span>
<span class="sd">    have to reauthenticate on every request. Note that data set during</span>
<span class="sd">    the anonymous session is retained when the user logs in.</span>
<span class="sd">    &quot;&quot;&quot;</span>
    <span class="n">session_auth_hash</span> <span class="o">=</span> <span class="s1">&#39;&#39;</span>
    <span class="k">if</span> <span class="n">user</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span>
        <span class="n">user</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="n">user</span>
    <span class="k">if</span> <span class="nb">hasattr</span><span class="p">(</span><span class="n">user</span><span class="p">,</span> <span class="s1">&#39;get_session_auth_hash&#39;</span><span class="p">):</span>
        <span class="n">session_auth_hash</span> <span class="o">=</span> <span class="n">user</span><span class="o">.</span><span class="n">get_session_auth_hash</span><span class="p">()</span>

    <span class="k">if</span> <span class="n">SESSION_KEY</span> <span class="ow">in</span> <span class="n">request</span><span class="o">.</span><span class="n">session</span><span class="p">:</span>
        <span class="k">if</span> <span class="n">_get_user_session_key</span><span class="p">(</span><span class="n">request</span><span class="p">)</span> <span class="o">!=</span> <span class="n">user</span><span class="o">.</span><span class="n">pk</span> <span class="ow">or</span> <span class="p">(</span>
                <span class="n">session_auth_hash</span> <span class="ow">and</span>
                <span class="ow">not</span> <span class="n">constant_time_compare</span><span class="p">(</span><span class="n">request</span><span class="o">.</span><span class="n">session</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="n">HASH_SESSION_KEY</span><span class="p">,</span> <span class="s1">&#39;&#39;</span><span class="p">),</span> <span class="n">session_auth_hash</span><span class="p">)):</span>
            <span class="c1"># To avoid reusing another user&#39;s session, create a new, empty</span>
            <span class="c1"># session if the existing session corresponds to a different</span>
            <span class="c1"># authenticated user.</span>
            <span class="n">request</span><span class="o">.</span><span class="n">session</span><span class="o">.</span><span class="n">flush</span><span class="p">()</span>
    <span class="k">else</span><span class="p">:</span>
        <span class="n">request</span><span class="o">.</span><span class="n">session</span><span class="o">.</span><span class="n">cycle_key</span><span class="p">()</span>

    <span class="k">try</span><span class="p">:</span>
        <span class="n">backend</span> <span class="o">=</span> <span class="n">backend</span> <span class="ow">or</span> <span class="n">user</span><span class="o">.</span><span class="n">backend</span>
    <span class="k">except</span> <span class="ne">AttributeError</span><span class="p">:</span>
        <span class="n">backends</span> <span class="o">=</span> <span class="n">_get_backends</span><span class="p">(</span><span class="n">return_tuples</span><span class="o">=</span><span class="kc">True</span><span class="p">)</span>
        <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">backends</span><span class="p">)</span> <span class="o">==</span> <span class="mi">1</span><span class="p">:</span>
            <span class="n">_</span><span class="p">,</span> <span class="n">backend</span> <span class="o">=</span> <span class="n">backends</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span>
        <span class="k">else</span><span class="p">:</span>
            <span class="k">raise</span> <span class="ne">ValueError</span><span class="p">(</span>
                <span class="s1">&#39;You have multiple authentication backends configured and &#39;</span>
                <span class="s1">&#39;therefore must provide the `backend` argument or set the &#39;</span>
                <span class="s1">&#39;`backend` attribute on the user.&#39;</span>
            <span class="p">)</span>
    <span class="k">else</span><span class="p">:</span>
        <span class="k">if</span> <span class="ow">not</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">backend</span><span class="p">,</span> <span class="nb">str</span><span class="p">):</span>
            <span class="k">raise</span> <span class="ne">TypeError</span><span class="p">(</span><span class="s1">&#39;backend must be a dotted import path string (got </span><span class="si">%r</span><span class="s1">).&#39;</span> <span class="o">%</span> <span class="n">backend</span><span class="p">)</span>

    <span class="n">request</span><span class="o">.</span><span class="n">session</span><span class="p">[</span><span class="n">SESSION_KEY</span><span class="p">]</span> <span class="o">=</span> <span class="n">user</span><span class="o">.</span><span class="n">_meta</span><span class="o">.</span><span class="n">pk</span><span class="o">.</span><span class="n">value_to_string</span><span class="p">(</span><span class="n">user</span><span class="p">)</span>
    <span class="n">request</span><span class="o">.</span><span class="n">session</span><span class="p">[</span><span class="n">BACKEND_SESSION_KEY</span><span class="p">]</span> <span class="o">=</span> <span class="n">backend</span>
    <span class="n">request</span><span class="o">.</span><span class="n">session</span><span class="p">[</span><span class="n">HASH_SESSION_KEY</span><span class="p">]</span> <span class="o">=</span> <span class="n">session_auth_hash</span>
    <span class="k">if</span> <span class="nb">hasattr</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="s1">&#39;user&#39;</span><span class="p">):</span>
        <span class="n">request</span><span class="o">.</span><span class="n">user</span> <span class="o">=</span> <span class="n">user</span>
    <span class="n">rotate_token</span><span class="p">(</span><span class="n">request</span><span class="p">)</span>
    <span class="n">user_logged_in</span><span class="o">.</span><span class="n">send</span><span class="p">(</span><span class="n">sender</span><span class="o">=</span><span class="n">user</span><span class="o">.</span><span class="vm">__class__</span><span class="p">,</span> <span class="n">request</span><span class="o">=</span><span class="n">request</span><span class="p">,</span> <span class="n">user</span><span class="o">=</span><span class="n">user</span><span class="p">)</span></div>


<div class="viewcode-block" id="logout"><a class="viewcode-back" href="../../../topics/auth/default.html#django.contrib.auth.logout">[docs]</a><span class="k">def</span> <span class="nf">logout</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">    Remove the authenticated user&#39;s ID from the request and flush their session</span>
<span class="sd">    data.</span>
<span class="sd">    &quot;&quot;&quot;</span>
    <span class="c1"># Dispatch the signal before the user is logged out so the receivers have a</span>
    <span class="c1"># chance to find out *who* logged out.</span>
    <span class="n">user</span> <span class="o">=</span> <span class="nb">getattr</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="s1">&#39;user&#39;</span><span class="p">,</span> <span class="kc">None</span><span class="p">)</span>
    <span class="k">if</span> <span class="ow">not</span> <span class="nb">getattr</span><span class="p">(</span><span class="n">user</span><span class="p">,</span> <span class="s1">&#39;is_authenticated&#39;</span><span class="p">,</span> <span class="kc">True</span><span class="p">):</span>
        <span class="n">user</span> <span class="o">=</span> <span class="kc">None</span>
    <span class="n">user_logged_out</span><span class="o">.</span><span class="n">send</span><span class="p">(</span><span class="n">sender</span><span class="o">=</span><span class="n">user</span><span class="o">.</span><span class="vm">__class__</span><span class="p">,</span> <span class="n">request</span><span class="o">=</span><span class="n">request</span><span class="p">,</span> <span class="n">user</span><span class="o">=</span><span class="n">user</span><span class="p">)</span>

    <span class="c1"># remember language choice saved to session</span>
    <span class="n">language</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="n">session</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="n">LANGUAGE_SESSION_KEY</span><span class="p">)</span>

    <span class="n">request</span><span class="o">.</span><span class="n">session</span><span class="o">.</span><span class="n">flush</span><span class="p">()</span>

    <span class="k">if</span> <span class="n">language</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span>
        <span class="n">request</span><span class="o">.</span><span class="n">session</span><span class="p">[</span><span class="n">LANGUAGE_SESSION_KEY</span><span class="p">]</span> <span class="o">=</span> <span class="n">language</span>

    <span class="k">if</span> <span class="nb">hasattr</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="s1">&#39;user&#39;</span><span class="p">):</span>
        <span class="kn">from</span> <span class="nn">django.contrib.auth.models</span> <span class="k">import</span> <span class="n">AnonymousUser</span>
        <span class="n">request</span><span class="o">.</span><span class="n">user</span> <span class="o">=</span> <span class="n">AnonymousUser</span><span class="p">()</span></div>


<div class="viewcode-block" id="get_user_model"><a class="viewcode-back" href="../../../topics/auth/customizing.html#django.contrib.auth.get_user_model">[docs]</a><span class="k">def</span> <span class="nf">get_user_model</span><span class="p">():</span>
    <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">    Return the User model that is active in this project.</span>
<span class="sd">    &quot;&quot;&quot;</span>
    <span class="k">try</span><span class="p">:</span>
        <span class="k">return</span> <span class="n">django_apps</span><span class="o">.</span><span class="n">get_model</span><span class="p">(</span><span class="n">settings</span><span class="o">.</span><span class="n">AUTH_USER_MODEL</span><span class="p">,</span> <span class="n">require_ready</span><span class="o">=</span><span class="kc">False</span><span class="p">)</span>
    <span class="k">except</span> <span class="ne">ValueError</span><span class="p">:</span>
        <span class="k">raise</span> <span class="n">ImproperlyConfigured</span><span class="p">(</span><span class="s2">&quot;AUTH_USER_MODEL must be of the form &#39;app_label.model_name&#39;&quot;</span><span class="p">)</span>
    <span class="k">except</span> <span class="ne">LookupError</span><span class="p">:</span>
        <span class="k">raise</span> <span class="n">ImproperlyConfigured</span><span class="p">(</span>
            <span class="s2">&quot;AUTH_USER_MODEL refers to model &#39;</span><span class="si">%s</span><span class="s2">&#39; that has not been installed&quot;</span> <span class="o">%</span> <span class="n">settings</span><span class="o">.</span><span class="n">AUTH_USER_MODEL</span>
        <span class="p">)</span></div>


<div class="viewcode-block" id="get_user"><a class="viewcode-back" href="../../../ref/contrib/auth.html#django.contrib.auth.get_user">[docs]</a><span class="k">def</span> <span class="nf">get_user</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">    Return the user model instance associated with the given request session.</span>
<span class="sd">    If no user is retrieved, return an instance of `AnonymousUser`.</span>
<span class="sd">    &quot;&quot;&quot;</span>
    <span class="kn">from</span> <span class="nn">.models</span> <span class="k">import</span> <span class="n">AnonymousUser</span>
    <span class="n">user</span> <span class="o">=</span> <span class="kc">None</span>
    <span class="k">try</span><span class="p">:</span>
        <span class="n">user_id</span> <span class="o">=</span> <span class="n">_get_user_session_key</span><span class="p">(</span><span class="n">request</span><span class="p">)</span>
        <span class="n">backend_path</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="n">session</span><span class="p">[</span><span class="n">BACKEND_SESSION_KEY</span><span class="p">]</span>
    <span class="k">except</span> <span class="ne">KeyError</span><span class="p">:</span>
        <span class="k">pass</span>
    <span class="k">else</span><span class="p">:</span>
        <span class="k">if</span> <span class="n">backend_path</span> <span class="ow">in</span> <span class="n">settings</span><span class="o">.</span><span class="n">AUTHENTICATION_BACKENDS</span><span class="p">:</span>
            <span class="n">backend</span> <span class="o">=</span> <span class="n">load_backend</span><span class="p">(</span><span class="n">backend_path</span><span class="p">)</span>
            <span class="n">user</span> <span class="o">=</span> <span class="n">backend</span><span class="o">.</span><span class="n">get_user</span><span class="p">(</span><span class="n">user_id</span><span class="p">)</span>
            <span class="c1"># Verify the session</span>
            <span class="k">if</span> <span class="nb">hasattr</span><span class="p">(</span><span class="n">user</span><span class="p">,</span> <span class="s1">&#39;get_session_auth_hash&#39;</span><span class="p">):</span>
                <span class="n">session_hash</span> <span class="o">=</span> <span class="n">request</span><span class="o">.</span><span class="n">session</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="n">HASH_SESSION_KEY</span><span class="p">)</span>
                <span class="n">session_hash_verified</span> <span class="o">=</span> <span class="n">session_hash</span> <span class="ow">and</span> <span class="n">constant_time_compare</span><span class="p">(</span>
                    <span class="n">session_hash</span><span class="p">,</span>
                    <span class="n">user</span><span class="o">.</span><span class="n">get_session_auth_hash</span><span class="p">()</span>
                <span class="p">)</span>
                <span class="k">if</span> <span class="ow">not</span> <span class="n">session_hash_verified</span><span class="p">:</span>
                    <span class="n">request</span><span class="o">.</span><span class="n">session</span><span class="o">.</span><span class="n">flush</span><span class="p">()</span>
                    <span class="n">user</span> <span class="o">=</span> <span class="kc">None</span>

    <span class="k">return</span> <span class="n">user</span> <span class="ow">or</span> <span class="n">AnonymousUser</span><span class="p">()</span></div>


<span class="k">def</span> <span class="nf">get_permission_codename</span><span class="p">(</span><span class="n">action</span><span class="p">,</span> <span class="n">opts</span><span class="p">):</span>
    <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">    Return the codename of the permission for the specified action.</span>
<span class="sd">    &quot;&quot;&quot;</span>
    <span class="k">return</span> <span class="s1">&#39;</span><span class="si">%s</span><span class="s1">_</span><span class="si">%s</span><span class="s1">&#39;</span> <span class="o">%</span> <span class="p">(</span><span class="n">action</span><span class="p">,</span> <span class="n">opts</span><span class="o">.</span><span class="n">model_name</span><span class="p">)</span>


<div class="viewcode-block" id="update_session_auth_hash"><a class="viewcode-back" href="../../../topics/auth/default.html#django.contrib.auth.update_session_auth_hash">[docs]</a><span class="k">def</span> <span class="nf">update_session_auth_hash</span><span class="p">(</span><span class="n">request</span><span class="p">,</span> <span class="n">user</span><span class="p">):</span>
    <span class="sd">&quot;&quot;&quot;</span>
<span class="sd">    Updating a user&#39;s password logs out all sessions for the user.</span>

<span class="sd">    Take the current request and the updated user object from which the new</span>
<span class="sd">    session hash will be derived and update the session hash appropriately to</span>
<span class="sd">    prevent a password change from logging out the session from which the</span>
<span class="sd">    password was changed.</span>
<span class="sd">    &quot;&quot;&quot;</span>
    <span class="n">request</span><span class="o">.</span><span class="n">session</span><span class="o">.</span><span class="n">cycle_key</span><span class="p">()</span>
    <span class="k">if</span> <span class="nb">hasattr</span><span class="p">(</span><span class="n">user</span><span class="p">,</span> <span class="s1">&#39;get_session_auth_hash&#39;</span><span class="p">)</span> <span class="ow">and</span> <span class="n">request</span><span class="o">.</span><span class="n">user</span> <span class="o">==</span> <span class="n">user</span><span class="p">:</span>
        <span class="n">request</span><span class="o">.</span><span class="n">session</span><span class="p">[</span><span class="n">HASH_SESSION_KEY</span><span class="p">]</span> <span class="o">=</span> <span class="n">user</span><span class="o">.</span><span class="n">get_session_auth_hash</span><span class="p">()</span></div>


<span class="n">default_app_config</span> <span class="o">=</span> <span class="s1">&#39;django.contrib.auth.apps.AuthConfig&#39;</span>
</pre></div>

          </div>
        </div>
      </div>
      
        
          <div class="yui-b" id="sidebar">
            
      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
        <div class="sphinxsidebarwrapper">
<div id="searchbox" style="display: none" role="search">
  <h3>Quick search</h3>
    <div class="searchformwrapper">
    <form class="search" action="../../../search.html" method="get">
      <input type="text" name="q" />
      <input type="submit" value="Go" />
      <input type="hidden" name="check_keywords" value="yes" />
      <input type="hidden" name="area" value="default" />
    </form>
    </div>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
              <h3>Last update:</h3>
              <p class="topless">Mar 04, 2020</p>
          </div>
        
      
    </div>

    <div id="ft">
      <div class="nav">
    <a href="../../index.html" title="Module code" accesskey="U">up</a></div>
    </div>
  </div>

      <div class="clearer"></div>
    </div>
  </body>
</html>